Biometric identification method, portable electronic device and electronic device for acquiring biometric data for its implementation
The invention relates to the field of biometry.
In this technical field, which consists of acquiring, measuring and recognising physical characteristics of a user, many recognition methods are already known, concerning voice characteristics, characteristics specific to the shape of the face or the iris of the eye or, in the most frequent case, fingerprint characteristics.
Most research work aims to improve the quality of the recognition, that is to say reduce as much as possible the number of erroneous recognitions or rejections. Other work aims to optimise the algorithms, reducing the calculating power necessary for their implementation.
Furthermore, a method commonly used for identifying a user consists of presenting a secret identification code, also called a PIN (Personal Identification Number). Since the increase in the number of these codes makes their storage difficult, biometry would be a possible alternative, provided that it provides an equivalent level of security.
One of the preferred fields of use of secret codes relates to portable electronic objects, in particular smart cards (memory or microprocessor cards). Such objects are in general used in applications requiring a very high degree of security such as bank debit/credit applications or access control applications. This is because, owing to the structure of these objects, no secret data is accessible from the outside, which makes it possible to obtain very high protection.
It is logical to combine the simplicity of use afforded by biometry techniques with the security imparted by smart card type portable electronic objects.
Many proposals have therefore been made along these lines. For example the French patent FR-B-2 674 051 can be cited.
All the existing biometric systems and methods break down into three phases which are depicted in FIG. 1. The first phase (10) is a phase of acquiring biometric data (15) during which a characteristic of the user will be measured. The biometric data (15) obtained during this phase are most often images for fingerprint, iris or face shape recognition, but they can also be sound sequences in the voice recognition case.
The second phase (20) is an analysis phase making it possible to extract a current signature (25), that is to say a set of representative data, from the biometric data (15), image or sound, obtained during the acquisition phase (10). This second phase (20) is extremely complex and requires a great deal of calculating power. The rate of erroneous recognitions or rejections, which is an indication of the quality and reliability of the method or the system, depends directly on the algorithms which will be implemented. Since the invention applies to any algorithm type, it therefore does not concern the improvement of these algorithms which furthermore forms the object of much research.
Similarly, the optimisation of these algorithms, so as to reduce the calculating power for implementing them and their execution time, is not the object of the invention either, although it is also the object of much research work.
The third phase (30) consists of comparing the current signature (25), obtained during the second phase (20), with a reference signature (35) defined previously during registration of the user.
Although much more complex than the second phase (20), in particular as regards the calculating power necessary, this third phase (30) is also a separate study field.
Smart card type portable electronic objects are provided with microprocessors, the calculating power of which still remains limited: as depicted by FIG. 2, it is possible to provide the portable object with a sensor and a memory so that the acquisition phase (10) and the comparison phase (30) are implemented by said object; on the other hand, the processor of the portable object is still incapable of implementing the phase of analysing (20) the biometric data (15) and extracting the current signature (25).
In order to implement said phase (20), it is necessary to have recourse to the processor of a computer. The security problems appear during the exchanges of information (15, 25) between the portable object and said computer. This is because the computer is not a secure system, and it is easy for hackers to intercept the data which are circulating, for example by means of a “Trojan Horse” type program. Thus hackers could intercept the biometric data (15) during the first exchange, or perhaps even the current signature (25) originating from the extraction phase (20), in order to use them fraudulently later by passing themselves off as the user.
Current systems using biometric identification therefore have a significant security problem.